Last Updated: 5 June 2026
1. Introduction
The Mekong Club Limited (Company Registration No. 58964668), whose registered office is at Unit 903-906A, 9/F, Kowloon Centre, 33 Ashley Road, Tsim Sha Tsui, Hong Kong (“The Mekong Club”, “we”, “us”, or “our”), is committed to protecting your personal data and respecting your privacy.
This Privacy Policy explains how we collect, use, store and share your personal data when you:
- visit our website;
- register as a member or express interest in membership;
- contact us;
- subscribe to our communications; or
- make a donation.
“Personal data” means any information relating to an identified or identifiable individual.
As an organisation based in Hong Kong and engaging with companies globally, including in the European Union, The Mekong Club is required to comply with applicable data protection laws, including the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and the EU General Data Protection Regulation (“GDPR”). This Privacy Policy serves as a Personal Information Collection Statement under the PDPO.
2. Information We Collect
2.1 Information you provide
We collect personal data that you voluntarily provide, including:
- First name and last name;
- Email address;
- Country of residence/location;
- Organisation name;
- Organisation size;
- Industry;
- Information about how you heard about The Mekong Club;
- Newsletter subscription preferences; and
- Your consent to this Privacy Policy.
Where applicable (for example, when making a donation), we may also collect:
- Billing name and address;
- Donation amount;
- Transaction date; and
- Transaction reference details.
Payment card information is processed securely by third-party payment providers, including Stripe and PayPal, and is not stored by The Mekong Club.
2.2 Automated information
When you visit our website, we may automatically collect:
- IP address (approximate location);
- Device and browser type;
- Pages visited and interactions; and
- Time spent on pages.
This data is collected through cookies and similar technologies, including Google Analytics 4.
3. How We Use Your Personal Data
We use your personal data only for the following purposes:
| Why we process your personal data | Legal basis | Information categories used |
| --- | --- | --- |
| Service delivery. To process membership enquiries, registrations, donations, and provide access to our services, tools and events. | Processing is necessary to perform our contract with you or to take steps at your request prior to entering into a contract. | All of the information listed in section 2.1, including donation-related information where applicable. |
| Communication. To respond to enquiries and provide relevant operational updates. | Legitimate interests. It is in our legitimate interests to respond to enquiries in a timely manner and maintain effective communication with members, donors and stakeholders. | Name, email address, country/location, organisation information and communication records. |
| Marketing. To send newsletters, event invitations and updates about our work. | Consent. | Name, email address, country/location, organisation information and newsletter preferences. |
| Improvement and analytics. To analyse website usage and improve our content, services and outreach. | Legitimate interests. It is in our legitimate interests to understand how our website is used and improve user experience and services. | Website analytics information, including IP address, device information, pages visited and usage data. |
| Legal and financial compliance. To comply with legal, accounting, regulatory and reporting obligations. | Compliance with legal obligations. | Relevant personal and transaction data necessary to meet applicable legal requirements. |
Providing personal data is voluntary. However, if you do not provide certain information, we may not be able to provide the requested services or respond to your enquiries.
4. Direct Marketing
Where you have provided your consent, we may use your name and email address to send:
- newsletters;
- event invitations; and
- updates on our programmes and initiatives.
You can withdraw your consent at any time by:
- clicking the “unsubscribe” link in our emails; or
- contacting our Chief Executive Officer directly at info@wp-update.wild-webdev.com.
Any withdrawal of consent does not affect the lawfulness of any processing carried out before such withdrawal.
5. Data Sharing
We do not sell your personal data.
We may share your personal data with the following service providers, who process data on our behalf and are required to maintain appropriate security measures and comply with applicable data protection laws:
| Service Provider | Services Provided | Location |
| --- | --- | --- |
| Mailchimp | Email marketing and communications platform | United States |
| Google Analytics 4 (Google LLC) | Website analytics and usage reporting | United States |
| Beacon CRM | Supporter CRM and relationship management | United Kingdom |
| WooCommerce | Donation functionality and website integration | United States |
| Stripe | Donation payment processing | United States |
| PayPal | Donation payment processing | United States |
| GoDaddy | Website hosting and IT infrastructure services | United States |
We may also disclose your personal data to:
- Regulatory, legal and governmental authorities where required by law, regulation, court order or official request. The legal basis for such disclosures is compliance with our legal obligations or, in the case of requests from authorities outside the EU, our legitimate interests to ensure we are compliant with applicable legal and regulatory frameworks or the establishment, exercise or defence of legal claims; and
- Professional advisers, including legal advisers, auditors and insurers, where necessary for the operation and protection of our organisation. The legal basis for such disclosures is our legitimate interests in obtaining professional advice and managing our legal and financial affairs.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside your jurisdiction, including where our service providers are located.
Where personal data is transferred outside the European Economic Area to a country that is not subject to an adequacy decision by the European Commission, we implement appropriate safeguards to protect your personal data in accordance with applicable data protection laws.
| Recipient / Service Provider | Country of Transfer | Adequacy Decision | Safeguard / Transfer Mechanism |
| --- | --- | --- | --- |
| Mailchimp | United States | No | Standard Contractual Clauses (SCCs) |
| Google Analytics 4 (Google LLC) | United States | No | Standard Contractual Clauses (SCCs) |
| Beacon CRM | United Kingdom | Yes | N/A |
| WooCommerce | United States | No | Standard Contractual Clauses (SCCs) |
| Stripe | United States | No | Standard Contractual Clauses (SCCs) |
| PayPal | United States | No | Standard Contractual Clauses (SCCs) |
| GoDaddy | United States | No | Standard Contractual Clauses (SCCs) |
7. Your Rights
Depending on your location and applicable law, you may have the right to:
- Access your personal data;
- Request correction of inaccurate or incomplete personal data;
- Request deletion of your personal data;
- Object to or restrict certain processing of your personal data;
- Withdraw your consent at any time;
- Request the transfer of your personal data to another organisation where applicable; and
- Lodge a complaint with the relevant data protection authority.
To exercise these rights, please contact us using the details below.
8. Data Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, disclosure, alteration or destruction.
Access to personal data is restricted to authorised personnel and trusted service providers who require access to perform their duties.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy and to comply with applicable legal, regulatory, accounting and reporting obligations.
The periods for which we retain personal data are set out below:
| Category of Personal Data | Retention Period |
| --- | --- |
| Donation and transaction records | 7 years from the date of the transaction |
| Financial and accounting records | 7 years from the date of the relevant record |
| Marketing communication preferences | Until you withdraw your consent or unsubscribe |
For all other categories of personal data, we retain information only for as long as necessary to fulfil the purposes described in this Privacy Policy, taking into account:
- the nature and sensitivity of the personal data;
- the purposes for which it was collected and processed;
- applicable legal, regulatory, accounting and reporting requirements;
- the need to establish, exercise or defend legal claims; and
- our legitimate business and operational requirements.
Where personal data is no longer required, we will securely delete or anonymise it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be published on this page with a revised “Last Updated” date.
11. Contact Us
If you have questions or requests regarding your personal data, please contact:
Matthew Friedman
Chief Executive Officer
The Mekong Club Limited
Email: info@wp-update.wild-webdev.com